TN THE UNITED STATES PATENT AND TRADEMARK OFFICE 



In re Patent Application of: Richard Alexander Harrington et al. 
Title: ENCRYPTED SOFTWARE INSTALLER 

Attorney Docket No. : 777.222US 1 



CO 



CM 



SCO 
50 



PATENT APPLICATION TRANSMITTAL 



CJ^ — 



BOX PATENT APPLICATION 

Assistant Commissioner for Patents 
Washington, D.C. 20231 

We are transmitting herewith the following attached items and information (as indicated with an n X"): 

X Utility Patent Application under 37 CFR § 1 .53(b) comprising: 

X Specification ( _21_ pgs, including claims numbered J_ through _23_ and a _1_ page Abstract). 

^ X Formal Drawing(s) ( _5_ sheets). 

^? X Signed Combined Declaration and Power of Attorney ( Apgs) . 

fj X Check in the amount of $892.00 to pay the filing fee. 

j|| Assignment of the invention to Microsoft Corporation ( JL pgs) and Recordation Form Cover Sheet. 

|| Check in the amount of $40.00 to pay the Assignment recording fee. 

% Return postcard. 



L) 



; The filing fee has been ca 


culated below as follows: 




No. Filed 


No. Extra 


Rate 


Fee 


i SrOTAL CLAIMS 


23 - 20 = 


3 


xl8 = 


$54.00 


] Independent claims 


4-3 = 


1 


x78 = 


$78.00 


| J ] MULTIPLE DEPENDENT CLAIMS PRESENTED 


$0.00 


" %ASIC FEE 


$760.00 




TOTAL 






$892.00 



Please charge any additional required fees or credit overpayment to Deposit Account No. 19-0743. 



SCHWEGMAN, T.TINDBFRO, WOKSSNER & KTJJTH. P.A. By: X.'^Pi'^^ 7 

P.O. Box 2938, Minneapolis, MN 55402 (612-373-6900) Atty: Kent J. Sieffert 

Reg. No. 41,312 

Customer Number 21186 

"Express Mail" mailing label number: RT ,3348753691 JS Date of Deposit: April 8 , 1999 

I hereby certify that this paper or fee is being deposited with the United States Postal Service "Express Mail Post Office to Addressee" service under 37 
CFR 1 . 1 0 on the date indicated above and is addressed to the Assistant Commissioner for Patent^ Box Patent Application, Washington, D.C. 2023 1 . 

Ry: Chris Hammond Signature: Oh/lfy <^A/W^(&<\(S 



ENCRYPTED SOFTWARE INSTALLER 



FIELD OF THE INVENTION 

This invention relates generally to the field of data 
5 processing and more particularly to a secure mechanism for 
installing and upgrading software on a computing system. 



BACKGROUND 

Current regulations prohibit exporting "strong" 
10 cryptographic software outside the United States without a 
specific export license. For example, these regulations 
currently prohibit exporting software having more than 56 -bit 
encryption. This prohibition creates problems for releasing, 
distributing and upgrading cryptographic software because the 
15 manufacturer is often forced to produce and distribute two 
different software versions, a domestic version and an 
international version. 

One known solution for upgrading software has been to ship 
an installation module that includes an upgrade for a non- 
20 restricted software module and an encrypted upgrade for the 

restricted version of the software module. During the upgrade 
process the installation module determines what versions of the 
software module already exist on the computing system. The 
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installation module decrypts and upgrades the restricted 
version only if a previous version of the restricted software 
is already present. Otherwise, the installation module 
upgrades the non-restricted version of the software module. 
5 This approach alleviates some of the problems of upgrading 

individual software modules but has a number of deficiencies. 
First, because this approach is based on a one-to-one mapping 
between the version of the upgrade module and the version of 
the module already present on the computing system, it is 

10 unworkable in the situation where a complete set of software 
modules must be upgraded. For example, this approach often 
results in only a subset of the desired software modules being 
upgraded because the computer may not have previous versions 
for all of the software modules. Second, this approach only 

15 addresses upgrading software modules and does not address the 
initial installation of restricted software on a computing 
system. 

For these reasons, and for other reasons stated below 
which will become apparent to those skilled in the art upon 
20 reading and understanding the present specification, there is a 
need in the art for a generalized installation mechanism that 
is capable of securely installing and upgrading one or more 
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restricted software modules, either individually or as a 
complete set of software modules . 

SUMMARY 

5 The invention is directed toward an improved method and 

apparatus for securely upgrading and installing restricted 
software such as domestic strength cryptographic software. In 
one aspect, the invention is an improved setup program that 
upgrades one or more software modules when at least one of a 

10 set of trigger files are present on a computer. Each software 
module to be installed is encrypted and encapsulated in a 
corresponding installation module. Each installation module is 
invoked by the setup program and is programmed to upgrade the 
software module when the presence of a corresponding trigger 

15 file is detected. In this manner the invention installs the 
restricted software modules on the computer only when the 
computer has been previously authorized to use the software 
modules . 

In another aspect, the invention is a set of software 
20 modules, referred to as an encryption pack, that is shipped for 
installation on a computer. The encryption pack includes one 
or more installation modules and a setup program. The setup 
program of the encryption pack invokes each installation 
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module, which in turn installs the encapsulated software module 
if a trigger file is present on the computer. The trigger file 
can be located on the shipped storage medium, such as a CD, in 
order to facilitate initial installation. Alternatively, the 
setup program can direct a user to log onto an authorized 
website for verification and to download the trigger file. 
This technique allows restricted software modules, that often 
are large in size, to be securely shipped to the user on a 
storage medium while only requiring the user to download a 
small trigger file. Once the small trigger file is downloaded 
the user can then access the software modules on the storage 
medium and install them on the computer. 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG, 1 is a diagram of a suitable computer in conjunction 
with which embodiments of the invention may be practiced; 

FIG. 2 is a block diagram illustrating one embodiment of 
an installation module that is invoked by a setup program for 
securely installing software onto the computer of FIG. 1 
according to the invention; 

FIG. 3 is a block diagram illustrating one embodiment of a 
database that is encapsulated within the installation module of 
FIG. 2; 
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FIG. 4 is a flowchart illustrating one exemplary method of 
operation of the setup program that securely installs and 
upgrades software modules; and 

FIG. 5 is a flowchart illustrating one exemplary method of 
operation of the installation module of FIG. 2 when invoked by 
the setup program. 

DETAILED DESCRIPTION 

In the following detailed description of exemplary 
embodiments of the invention, reference is made to the 
accompanying drawings that form a part hereof and which show 
specific exemplary embodiments in which the invention may be 
practiced. It is to be understood that other embodiments may 
be utilized and that logical, mechanical, electrical and other 
changes may be made without departing from the spirit or scope 
of the present invention. The following detailed description 
is, therefore, not to be taken in a limiting sense, and the 
scope of the present invention is defined only by the appended 
claims . 

The detailed description is divided into four sections. 
The first section describes the hardware and the operating 
environment that is suitable for use as a computer for use with 
the inventive installation mechanism described below. The 
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second section provides a detailed description of the inventive 
system. The third section provides methods for operating an 
exemplary embodiment of the invention. Finally, the fourth 
section provides a conclusion of the detailed description. 

5 

Hardware and Operating Environment 
FIG. 1 is a diagram of computer suitable for securely 
installing restricted software modules according to the various 
embodiments of the invention. For example, in one embodiment 

10 the restricted software modules are domestic versions of 
cryptographic software. The invention is described in the 
general context of computer-executable instructions, such as 
program modules, being executed by a computer, such as a 
personal computer. Generally, program modules include 

15 routines, programs, objects, components, data structures, etc., 
that perform particular tasks or implement particular abstract 
data types . 

The exemplary hardware and operating environment of FIG. 1 
includes a general purpose computing device in the form of a 
20 computer 2 0 having processing unit 21, system memory 22, and 
system bus 23 that operatively couples various system 
components including system memory 22 to the processing unit 
21. There may be only one or there may be more than one 
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processing unit 21, such that the processor of computer 2 0 
comprises a single central -processing unit (CPU) , or a 
plurality of processing units, commonly referred to as a 
parallel processing environment. The computer 20 may be a 
conventional computer, a distributed computer, or any other 
type of computer; the invention is not so limited. 

The system bus 23 may be any of several types of bus 
structures including a memory bus or memory controller, a 
peripheral bus, and a local bus using any of a variety of bus 
architectures. The system memory may also be referred to as 
simply the memory, and includes read only memory (ROM) 24 and 
random access memory (RAM) 25. Basic input/output system 
(BIOS) 2 6 contains routines that help to transfer information 
between elements within computer 20, such as during start-up, 
and is stored in ROM 24. Computer 20 further includes hard disk 
drive 27 for reading from and writing to a hard disk, not 
shown, a magnetic disk drive 2 8 for reading from or writing to 
a removable magnetic disk 29, and an optical disk drive 3 0 for 
reading from or writing to a removable optical disk 31 such as 
a CD ROM or other optical media. 

The hard disk drive 27, magnetic disk drive 28, and 
optical disk drive 3 0 are connected to the system bus 23 by a 
hard disk drive interface 32, a magnetic disk drive interface 
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33, and an optical disk drive interface 34, respectively. The 
drives and their associated computer- readable media provide 
nonvolatile storage of computer-readable instructions, data 
structures, program modules and other data for the computer 20. 

It should be appreciated by those skilled in the art that any 
type of computer-readable media which can store data that is 
accessible by a computer, such as magnetic cassettes, flash 
memory cards, digital video disks, Bernoulli cartridges, random 
access memories (RAMs) , read only memories (ROMs) , and the 
like, may be used in the exemplary operating environment. 

A number of program modules may be stored by hard disk 27, 
magnetic disk 29, optical disk 31, ROM 24, or RAM 25, including 
an operating system 35, one or more application programs 36, 
other program modules 37, and program data 38. A user may 
enter commands and information into the personal computer 2 0 
through input devices such as a keyboard 4 0 and pointing device 
42. Other input devices (not shown) may include a microphone, 
joystick, game pad, satellite dish, scanner, or the like. 
These and other input devices are often connected to processing 
unit 21 through serial port interface 46 that is coupled to the 
system bus, but may be connected by other interfaces, such as a 
parallel port, game port, or a universal serial bus (USB) . 
Monitor 4 7 or other type of display device is also connected to 
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the system bus 23 via an interface, such as a video adapter 48. 

In addition to the monitor, computers typically include other 
peripheral output devices (not shown) , such as speakers and 
printers . 

The computer 2 0 may operate in a networked environment 
using logical connections to one or more remote computers, such 
as remote computer 49. These logical connections are achieved 
by a communication device coupled to or a part of the computer 
20; the invention is not limited to a particular type of 
communications device. The remote computer 49 may be another 
computer, a server, a router, a network PC, a client, a peer 
device or other common network node, and typically includes 
many or all of the elements described above relative to the 
computer 20, although only a memory storage device 50 has been 
illustrated in FIG. 1. The logical connections depicted in 
FIG, 1 include a local -area network (LAN) 51 and a wide-area 
network (WAN) 52 . Such networking environments are commonplace 
in offices, enterprise-wide computer networks, intranets and 
the Internet . 

When used in a LAN-networking environment, the computer 20 
is connected to the local network 51 through a network 
interface or adapter 53, which is one type of communications 
device. When used in a WAN-networking environment, the 
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computer 2 0 typically includes a modem 54, a type of 
communications device, or any other type of communications 
device for establishing communications over the wide area 
network 52, such as the Internet. The modem 54, which may be 
5 internal or external, is connected to the system bus 23 via the 
serial port interface 46. In a networked environment, program 
modules depicted relative to the personal computer 20, or 
portions thereof, may be stored in the remote memory storage 
device. It is appreciated that the network connections shown 
10 are exemplary and other means of and communications devices for 
establishing a communications link between the computers may be 
used. 

The hardware and operating environment in conjunction with 
which embodiments of the invention may be practiced has been 

15 described. The computer in conjunction with which embodiments 
of the invention may be practiced may be a conventional 
computer, a distributed computer, or any other type of 
computer; the invention is not so limited. Such a computer 
typically includes one or more processing units as its 

20 processor, and a computer-readable medium such as a memory. 

The computer may also include a communications device such as a 
network adapter or a modem, so that it is able to 
communicatively couple other computers. 
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According to the invention, computer 2 0 executes a setup 
program in order to securely install one or more restricted 
software modules. As explained in detail below, each 
restricted software module is encrypted and encapsulated in a 
corresponding installation module. The setup program invokes 
the installation module, which in turn decrypts and installs 
the restricted software modules only when one or more trigger 
files are present on computer 20. If none of the trigger files 
are present on computer 2 0 then, in one embodiment, the setup 
program installs a non-restricted version of the software 
module. In this manner, the installation modules securely 
install the restricted software modules only when computer 2 0 
is authorized. For example, in one embodiment the restricted 
software modules are domestic strength cryptographic software 
modules. In this embodiment the installation modules securely 
install domestic strength cryptographic software only when 
computer 20 is authorized to use such software. The 
international version is installed in the event that suitable 
trigger files are not found on computer 20. 

In one embodiment a manufacturer ships a storage device, 
such as a CD-ROM, that contains a setup program and a set of 
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software modules, referred to as an encryption pack, for 
installation on computer 20. Each software module of the 
encryption pack is encrypted and encapsulated in a 
corresponding installation module. In one embodiment the setup 
5 program of the encryption pack directs a user to log into an 
authorized website for verification and to download a trigger 
file for the encryption pack. This technique allows several 
restricted software modules to be securely shipped to the user 
while only requiring the user to download a small trigger file 

10 in order to install the software modules on computer 20. 

Alternatively a trigger file may be shipped on the CD-ROM for 
immediate installation. 

FIG. 2 is a block diagram illustrating one embodiment of 
an installation module 2 02 that is invoked by the setup 

15 program. Installation module 202 comprises code portion 204 
and resource portion 206. Resource portion 206 contains 
database 22 0 and the encrypted software module 225 that is to 
be installed on computer 20. Code portion 204 includes 
executive 215 that, as discussed in detail below, is executable 

20 software that decrypts software module 225 when one or more 

trigger files of a set of trigger files are present on computer 
20. Database 220 maintains information for identifying the 
trigger files. A trigger file may be a previous version of 

SLWK777.222US1 MS 112410.1 

12 



software module 22 5 or may be any file suitable for indicating 
that computer 20 is authorized for having software module 225 
installed. As described above, for initial installation the 
user may download a trigger file from an authorized Internet 
website or a trigger file may be included on the CD. 

FIG. 3 is a block diagram illustrating one embodiment of 
database 220 of installation module 202. In this embodiment 
database 22 0 is a table having two columns and a plurality of 
rows. Each row corresponds to a trigger file that, when 
present, triggers the installation of encrypted software module 
225. For example, there will be a row within the table for 
each previous version of software module 225. Other trigger 
files can be added to the table by adding rows. 

Each row of database 220 includes an identifier 302 that 
is used to determine whether the corresponding trigger file is 
present on computer 20. In one embodiment, identifier 3 02 is a 
first cryptographic hash value generated by hashing the trigger 
file with a first hash algorithm. Each row further includes a 
key 3 04 that is used to decrypt software module 225 when the 
trigger file is present. Key 304 is encrypted to prevent 
unauthorized users from manually decrypting and installing 
software module 225. In one embodiment, key 304 is encrypted 
as a function of a second cryptographic hash value produced by 
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hashing the corresponding trigger file with a second hash 
algorithm. Thus, in the event that the trigger file is present 
on computer 20, the first hash value of the trigger file 
matches ID 3 03 and the second hash value can be used to decrypt 
key 3 04 such that software module 22 5 can then in turn be 
decrypted and installed. 

Methods of an Exemplary Embodiment of the Invention 
In the previous section, a system level overview of the 
operation of exemplary embodiments of the invention was 
described. In this section, the particular methods performed 
by the exemplary embodiments are described by reference to a 
flowchart. The methods to be performed by the embodiments 
constitute computer programs made up of computer-executable 
instructions. Describing the methods by reference to a 
flowchart enables one skilled in the art to develop such 
programs including such instructions to carry out the methods 
on suitable computing systems from computer- readable media. 

FIG. 4 is a flowchart 400 that illustrates one exemplary 
method of operation of the above -described systems. In order 
to securely install restricted software on computer 2 0 the 
setup program begins with block 402, proceeds to block 404 and 
retrieves a list of all of the installation modules 202. For 
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example, in the encryption pack embodiment a manufacturer of 
software may ship a CD-ROM that contains a plurality of 
installation modules 2 02. In one embodiment the setup program 
retrieves the list from a registry within computer 20, 
5 When the list is received, the setup program proceeds to 

block 406 and invokes each installation module 202 by executing 
the corresponding executive 215 contained therein. As 
explained below, executive 215 returns failure when no trigger 
file is present on computer 20. When at least one trigger file 

10 is present executive 215 decrypts software module 225 and 
returns a pointer to the decrypted software module 225. 

In block 4 08 the setup program determines whether the 
invoked executive 215 succeeded or failed. If executive 215 
failed then the setup program jumps to block 412. If executive 

15 215 succeeded then the setup program proceeds to 410 and 

installs the decrypted software module 225 that was returned by 
executive 215. 

In block 412 the setup program loops back to block 406 in 
the event that there are more installation modules 2 02 to 
20 invoke. Once all of the installation modules 202 have been 

invoked the setup program proceeds to block 414 and terminates. 

FIG. 5 is a flowchart 500 that illustrates one exemplary 
method of operation of executive 215 when invoked by the setup 
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program in block 406 of flowchart 400. Executive 215 begins 
with block 502, proceeds to block 504 and accesses database 
220. More specifically, executive 215 selects one of the rows 
of database 220 and retrieves ID 302 and key 304. 

5 In block 508, executive 215 determines whether the trigger 

file that corresponds to the selected row exists within 
computer 20. For new installations the trigger file may be 
shipped with the encryption pack or the setup program may 
direct the user to download the trigger file from an Internet 

10 website. In order to determine whether the trigger file is 
present executive 215 examines computer 20 and generates a 
first hash value and a second hash value for each trigger file 
of a set of predefined trigger files that is present on 
computer 20. 

15 in block 510 installation module 202 verifies that the 

identified trigger file is indeed a genuine trigger file by 
comparing the generated first hash values to ID 3 02 of the 
selected row. If none of the generated first hash values match 
ID 302 then installation module 202 jumps back to block 518. If 

20 any of the generated hash values match ID 3 02 of the selected 
row then a genuine trigger file is present. 

When a match is found, installation module 202 proceeds to 
block 512 and uses the second hash value to decrypt key 304. 
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In block 514 installation module 202 uses key 304 to decrypt 
software module 225. In block 516 installation module 202 
successfully terminates and returns a pointer to the decrypted 
software module 22 5 for use by the calling setup program. 

The particular methods for installing encrypted software 
according to the invention have been described. The methods 
have been shown by reference to flowcharts that describe 
various embodiments of the setup program and the installation 
modules . 

Conclusion 

An installation process has been described that securely 
installs restricted software modules on a computer. Although 
specific embodiments have been illustrated and described 
herein, it will be appreciated by those of ordinary skill in 
the art that any arrangement which is calculated to achieve the 
same purpose may be substituted for the specific embodiments 
shown. Therefore, this application is intended to cover any 
adaptations or variations of the present invention. 

For example, those of ordinary skill within the art will 
appreciate that in one embodiment the inventive setup program 
and installation module upgrade a corresponding software module 
when at least one of a set of trigger files is installed on the 
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computer. Each installation module securely encapsulates an 
encrypted version of a corresponding software module and is 
programmed to determine whether a genuine trigger file exists. 
In another embodiment, the invention is a set of software 
modules, referred to as an encryption pack, that is shipped for 
new installation on a computer. 
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We claim: 

1. An installation module comprising: 

an encrypted software module; and 

an executive for decrypting the encrypted software 
module when at least one of a set of trigger files is 
stored on a computing system. 

2. The installation module of claim 1 and further comprising 
a database for identifying the trigger files. 

3. The installation module of claim 2, wherein the database 
includes a key for decrypting the software module. 

4. The installation module of claim 3, wherein the key is 
encrypted. 

5. The installation module of claim 2, wherein the database 
includes a hash value for each of the trigger files. 

6. The system of claim 1, wherein the encrypted software 
module is a cryptographic software module. 
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7. The system of claim 6, wherein the encrypted software 
module is a dynamic-link library (DLL) for providing a secure 
socket layer (SSL) . 

8. The system of claim 1, wherein the encrypted software 
module resides on a computer- readable medium. 

9. A software system comprising: 

an installation module comprising: 

an encrypted software module, and 

an executive for decrypting the encrypted software 
module when at least one of a set of trigger files 
is stored on a computing system; and 
a setup program for invoking the executive and loading the 
decrypted software module onto a computing system. 

10. The software system of claim 9, wherein the setup program 
loads one of the trigger files onto the computing system. 

11. The software system of claim 10, wherein the setup program 
retrieves the loaded trigger file from an Internet website. 
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12. The software system of claim 9, wherein the encrypted 
software module is a cryptographic software module. 

13. The software system of claim 12, wherein the encrypted 
software module is a dynamic-link library (DLL) for providing a 
secure socket layer (SSL) . 

14. The software system of claim 9, wherein the encrypted 
software module resides on a computer- readable medium. 

15. A computing method comprising: 

decrypting an encrypted software module when at least 
one of a set of trigger files is stored on a computing 
system; and 

loading the decrypted software module onto the 
computing system. 

16. The method of claim 15, wherein the decrypting step 
includes determining whether a prior version of the encrypted 
software module is stored on a computing system. 
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17. The method of claim 16, wherein the determining step 
includes retrieving hash values for the trigger files from a 
database . 

18. The method of claim 15, wherein the decrypting step 
includes retrieving a cryptographic key from a database. 

19. The method of claim 15 and further including loading one 
of the trigger files onto the computing system 

20. The method of claim 19, wherein the loading step includes 
retrieving the loaded trigger file from an Internet website. 

21. The method of claim 15/ wherein the loading step includes 
loading a cryptographic software module. 

22. The method of claim 15, wherein decrypting the encrypted 
software module includes retrieving the encrypted software 
module from a computer-readable medium. 

23. A computer-readable medium having computer-executable 
instructions to cause a computing system to perform the method 
of claim 15. 
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ABSTRACT OF THE DISCLOSURE 

An installation mechanism that securely installs encrypted 
software modules on a computer is described. The mechanism 
allows restricted software, such as domestic strength 

5 cryptography software, to be shipped directly to a user. The 
mechanism decrypts the software modules and installs the 
software modules on the computer only when at least one of a 
set of trigger files is present on the computer, thereby 
requiring that the computer be authorized for the restricted 

10 software. A setup program invokes each of a plurality of 

installation modules in order to install the software modules. 
Each installation module securely encapsulates an encrypted 
version of the software module and is programmed to decrypt the 
corresponding software module only when a genuine trigger file 

15 is detected. 

&BSBux~- 
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Reg. No. 3 9,6 1 0 Holloway, Sheryl S . 

Reg. No. 32,836 Huebsch, Joseph C. 

Reg. No. 42,331 Kalis, Janal M. 

Reg. No. 35,075 Khma-Silberg, Catherine I. 

No. 40,925 Kluth, Daniel J. 

Reg. No. 38,107 Lacy, Rodney L. 

Reg. No. 32,022 Leffert, Thomas W. 

Reg. No. 40,594 Lemaire, Charles A. 

Reg. No. 43,328 Litman, Mark A. 

Reg. No. 39,665 Lundberg, Steven W. Reg, 

Reg. No. 35,138 Mack, Lisa K. 



No. 42,546 

Reg. No. 

Reg, No. 

Reg. No. 

Reg. No. 

Reg. No. 

Reg. No. 

Reg. No. 

Reg. No. 

Reg. No. 

Reg. No. 

Reg. No 
No. 30,568 

Reg. No. 



30,837 
37,346 
37,850 
42,673 
37,650 
40,052 
32,146 
41,136 
40,697 
36,198 
26,390 

42,825 



Maki, Peter C. Reg. No. 42,832 

Mates, Robert E. Reg. No. 35,271 

McCrackin, Ann M. Reg. No. 42,858 

Oh, Allen J. Reg. No. 42,047 

Padys, Danny J. Reg. No. 35,635 

Polglaze, Daniel J. Reg. No. 39,801 

Sako, Katie E. Reg. No. 32,628 

Schwegman, Micheal L. Reg. No . 25,8 1 6 

Sieffert, Kent J. Reg. No. 41,312 

Slifer, Russell D. Reg. No. 39,838 

Steffey, Charles E. Reg. No. 25,179 

Terry, Kathleen R. Reg- No. 3 1 ,884 

Viksnins, Ann S . Reg. No. 37,748 
Woessner, Warren D. Reg. No. 30,440 



I hereby authorize them to act and rely on instructions from and communicate directly with the 
person/assignee/attomey/fixrr^organizati^ first sends/sent this case to them and by whom/which I hereby declare that I have 

consented after full disclosure to be represented unless/until I instruct Schwegman, Lundberg, Woessner & Kluth, PA. to the contrary. 
Please direct all correspondence in this case to Schwegman, Lundberg, Woessner & Kluth, PA. at the address indicated below: 
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I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information 
and belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the 
like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such 
willful false statements may jeopardize the validity of the application or any patent issued thereon. 

P.O. Box 2938, Minneapolis, MN 55402 
Telephone No. (612)373-6900 
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Serial No. not assigned 

Filing Date: not assigned _ . 

I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information 
and belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the 
like so made are punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States Code and that such 
willful false statements may jeopardize the validity of the application or any patent issued thereon. 

Full Name of joint inventor number 1 : Richard Ale xander Harrington 
Citizenship: United States of America Residence: Seattle, WA 

Post Office Address; 905 22nd Avenue 

Seattle, WA 98122 

Signature: Date: 
Richard Alexander Harrington 




Full Name of joint inventor number 2 : Rama I. Srinivasan 
Citizenship: United States of America 

Post Office Address: 7740 149th Avenue N.E. 

Redmond, WA 98052 



Signature: 



Rama I. Srinivas; 




Residence: Redmond, WA 



Date: 



f£1 Name of joint inventor number 3 : Terence R. Spies 
Ofizenship: United States of Amerra 

Pelt Office Address: 213 5th Avenue West$# 

SPSS T^* 1-1 J TTTA nOAOO * 



Sfghature: 



Kirkland, WA 98033 



TerencefR. Spies 



Fit Name of inventor: 

Citizenship: 

Post Office Address: 




Residence: Kirkland, WA 



Date: 



Residence: 



Signature: 



Date: 
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(a) A patent by its very nature is affected with a public interest. The public interest is best served, and the most effective patent 
examination occurs when, at the time an application is being examined, the Office is aware of and evaluates the teachings of all information 
material to patentability. Each individual associated with the filing and prosecution of a patent application has a duty of candor and good 
faith in dealing with the Office, which includes a duty to disclose to the Office all information known to that individual to be material to 
patentability as defined in this section. The duty to disclose information exists with respect to each pending claim until the claim is canceled 
or withdrawn from consideration, or the application becomes abandoned. Information material to the patentability of a claim that is canceled 
or withdrawn from consideration need not be submitted if the information is not material to the patentability of any claim remaining under 
consideration in the application. There is no duty to submit information which is not material to the patentability of any existing claim. The 
duty to disclose all information known to be material to patentability is deemed to be satisfied if all information known to be material to 
patentability of any claim issued in a patent was cited by the Office or submitted to the Office in the manner prescribed by §§ 1.97(b)-(d) 
and 1 .98. However, no patent will be granted on an application in connection with which fraud on the Office was practiced or attempted or 
the duty of disclosure was violated through bad faith or intentional misconduct. The Office encourages applicants to carefully examine: 

(1) prior art cited in search reports of a foreign patent office in a counterpart application, and 

(2) the closest information over which individuals associated with the filing or prosecution of a patent application believe any 
^ pending claim patentably defines, to make sure that any material information contained therein is disclosed to the Office. 

3Jb) Under this section, information is material to patentability when it is not cumulative to information already of record or being 
rrMj|e of record in the application, and 

^ (1) It establishes, by itself or in combination with other information, a prima facie case of unpatentability of a claim; or 

y I (2) It refutes, or is inconsistent with, a position the applicant takes in: 

£ (i) Opposing an argument of unpatentability relied on by the Office, or 

HP (ii) Asserting an argument of patentability. 

/tprima facie case of unpatentability is established when the information compels a conclusion that a claim is unpatentable under the 
p^gponderance of evidence, burden-of-proof standard, giving each term in the claim its broadest reasonable construction consistent with the 
sigcification, and before any consideration is given to evidence which may be submitted in an attempt to establish a contrary conclusion of 
patentability. 

(c) Individuals associated with the filing or prosecution of a patent application within the meaning of this section are: 

( 1 ) Each inventor named in the application: 

(2) Each attorney or agent who prepares or prosecutes the application; and 

(3) Every other person who is substantively involved in the preparation or prosecution of the application and who is associated 
with the inventor, with the assignee or with anyone to whom there is an obligation to assign the application. 



(d) Individuals other than the attorney, agent or inventor may comply with this section by disclosing information to the attorney, 
agent, or inventor. 



